Abstract

Web-Based Enterprise Management (WBEM) is an emerging standard solution for remote management of heterogeneous devices. It allows to remotely operate and administer a group of hardware and software devices while preserving some security features. The aim of this paper is two-fold: 1) We raise concerns regarding security weaknesses of the architecture of WBEM. 2) We propose a lightweight security model for WBEM based on the concept of Attribute Authority and show its effectiveness in preserving both the security and the performance of the system. Moreover, we address the concept of accountability and present guidelines for an implementation of our model.